Analysis of the three dimensions of the development of Safety Management Center

I. The inevitability of building a Security Management Center

Network security has developed through three stages alongside network construction. First came the initial stage: deployment of firewalls, anti-virus and IDS (intrusion detection systems). Second, as networks expanded and business systems moved from isolation to joint operation, network management adopted the concept of security domains: isolation technology divided the network into logical security zones, and zone border protection, vulnerability scanning and user access control were widely deployed. Security technology at this point split into many separate systems (protection, monitoring, audit, authentication, scanning and more) and became complex; this is called the security construction stage. Third, as business grew, network security management became a new focus of network construction: the separate security systems were brought under unified management and unified operation. We call this the security management stage, and its most typical product is the construction of the integrated Security Operations Center (SOC). From this stage on, network security begins to move toward business security, and business continuity management (BCM) becomes the next step in evaluating business security.

Network construction has gone from separation to unification, and then to separating business from management and load from business; the development of the Network Operation Center (NOC) played an important role in this. So what is the relationship between the emerging Security Operations Center (SOC) and the NOC?

One view holds that the SOC is merely the operational management of security equipment: ordinary management with some security features and policies added, and therefore an integral part of the NOC. But network management itself also needs the support of security management. A security management center not only ensures the security of the network support system but also provides security for business applications, such as identity authentication, authorization and other basic security facilities. From a functional point of view, the SOC should be a common support system for both the NOC and business management; for example, NOC staff doing day-to-day maintenance must themselves accept SOC identity authentication and security behavior auditing. The relationship between the two is as follows:


From the late security construction stage onward, the SOC becomes, together with the NOC, a focus of IT service infrastructure planning already in the early stages of enterprise business design. Equipment operation and maintenance focuses on managing the system itself and providing access for the business; security management focuses on the security of the business and on relieving external and internal threats. The information is shared between the two; only the focus of implementation in technology and management differs. Security management covers the whole lifecycle, from the starting point of the business to its completion.

II. Three development dimensions in SOC construction

The SOC emerged during the "great integration" of security technology. Originally it was a platform developed to solve security equipment management and the centralized analysis of massive volumes of security events; later, because security touches so many areas, the SOC gradually evolved into a center for centrally handling every security-related problem: device management, configuration distribution, unified authentication, event analysis, security assessment, policy optimization, emergency response, behavior auditing, and so on. Comprehensively analyzing all security information under a unified strategy is of course ideal, but with the SOC managing so many things, implementation is a big problem. Based on differing understandings, various SOCs have appeared on the market, each with its own emphasis: TSOC built on risk assessment, NSOC centered on policy management, ASOC centered on auditing, and platforms that are simply specialized in security log analysis.

Features vary from one SOC to another, but all are organized around the security management process, which corresponds to the three stages of a security incident: before, during and after. Beforehand, the priority is deploying protective measures in advance. During the incident, the work is security monitoring and emergency response: foreseeable dangers can be protected against, but unknown risks can only be monitored, and the first task is to find a way to solve the problem. Afterwards comes the analysis of security incidents and forensics, including post-hoc analysis of incidents that the monitoring did not alarm on. The functional development of the SOC thus extends along the following three dimensions:

Security protection management: responsible for managing security network equipment and operating the basic security systems. It covers the various protection management activities before a security incident arises; its distinctive feature is formulating security policies of all kinds and issuing them to the relevant security equipment.

Monitoring and emergency dispatch center: comprehensive analysis of security events, early warning based on threat level, and timely response to events of all kinds.

Audit management platform: event forensics and reconstruction, security compliance auditing, statistical analysis of data, historical data mining. Security audit is the after-the-fact "summary" of security management, and also the basis for security protection.

Security services run through all three dimensions: protection policy requires a prior security assessment, and early warning and emergency response require the analysis and methods of security experts... The three development directions of the SOC can be realized independently as far as functional requirements go, but the sources of information they need are basically the same: device security logs and link (traffic) data analysis. SOC construction is like three flowers growing on one root.
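As an added illustration of the "one root, three flowers" point (this is example code, not code from the original post), the Python below runs a single constructed log feed through one normalizer and then serves all three dimensions from that same event store: policy drift on a firewall (protection management), a windowed brute-force alert that escalates when a success follows the burst (monitoring and emergency dispatch), and a per-user timeline plus an out-of-hours login check (audit). The log format, device names, the issued policy, the thresholds and the business-hours window are all assumptions made for the example.

```python
"""One normalized event store feeding the three SOC dimensions.

Added illustration, not code from the original post. The log format,
device names, issued policy, thresholds and hours below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed: firewall rule reports and VPN login events.
RAW_LOGS = """\
2024-03-01T09:00:00 fw-edge-1 RULE allow tcp/443 any->dmz
2024-03-01T09:00:01 fw-edge-1 RULE allow tcp/22 mgmt->dmz
2024-03-01T09:00:02 fw-edge-1 RULE allow tcp/23 any->dmz
2024-03-01T09:01:00 vpn-gw-1 LOGIN fail user=alice src=203.0.113.7
2024-03-01T09:01:20 vpn-gw-1 LOGIN fail user=alice src=203.0.113.7
2024-03-01T09:01:40 vpn-gw-1 LOGIN fail user=alice src=203.0.113.7
2024-03-01T09:02:00 vpn-gw-1 LOGIN fail user=alice src=203.0.113.7
2024-03-01T09:02:30 vpn-gw-1 LOGIN ok user=alice src=203.0.113.7
2024-03-01T09:10:00 vpn-gw-1 LOGIN fail user=bob src=198.51.100.9
2024-03-01T10:30:00 vpn-gw-1 LOGIN ok user=carol src=192.0.2.5
2024-03-01T23:15:00 vpn-gw-1 LOGIN ok user=carol src=192.0.2.5
"""

# Protection management: the policy that was issued to fw-edge-1 (constructed).
ISSUED_POLICY = {"fw-edge-1": {"allow tcp/443 any->dmz", "allow tcp/22 mgmt->dmz"}}


def parse_events(raw):
    """The shared root: one parser turns raw device lines into normalized events."""
    events = []
    for line in raw.splitlines():
        ts, device, kind, rest = line.split(" ", 3)
        ev = {"ts": datetime.fromisoformat(ts), "device": device, "kind": kind}
        if kind == "RULE":
            ev["rule"] = rest
        elif kind == "LOGIN":
            outcome, *kv = rest.split()
            ev["outcome"] = outcome
            ev.update(dict(p.split("=", 1) for p in kv))
        events.append(ev)
    return events


def policy_drift(events, issued):
    """Dimension 1 (before): rules a device reports that were never issued,
    and issued rules the device does not report."""
    reported = defaultdict(set)
    for ev in events:
        if ev["kind"] == "RULE":
            reported[ev["device"]].add(ev["rule"])
    drift = {}
    for device, expected in issued.items():
        actual = reported.get(device, set())
        drift[device] = {"unexpected": sorted(actual - expected),
                         "missing": sorted(expected - actual)}
    return drift


def brute_force_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Dimension 2 (during): sliding-window count of failed logins per source;
    a medium alert at the threshold, a high alert if a success follows the burst."""
    fails = defaultdict(list)
    alerts = []
    for ev in events:
        if ev["kind"] != "LOGIN":
            continue
        src = ev["src"]
        if ev["outcome"] == "fail":
            fails[src] = [t for t in fails[src] if ev["ts"] - t <= window] + [ev["ts"]]
            if len(fails[src]) == threshold:
                alerts.append({"src": src, "severity": "medium", "fails": threshold})
        elif fails[src] and len(fails[src]) >= threshold:
            alerts.append({"src": src, "severity": "high", "note": "success after burst"})
            fails[src] = []
    return alerts


def audit_timeline(events, user):
    """Dimension 3 (after): reconstruct one user's logins from the same store."""
    return [(ev["ts"].isoformat(), ev["device"], ev["outcome"], ev["src"])
            for ev in events if ev["kind"] == "LOGIN" and ev.get("user") == user]


def compliance_violations(events, business_hours=(9, 18)):
    """Dimension 3: successful logins outside the (constructed) business-hours window."""
    start, end = business_hours
    return [ev for ev in events if ev["kind"] == "LOGIN" and ev["outcome"] == "ok"
            and not (start <= ev["ts"].hour < end)]


if __name__ == "__main__":
    evs = parse_events(RAW_LOGS)
    print("drift:", policy_drift(evs, ISSUED_POLICY))
    print("alerts:", brute_force_alerts(evs))
    print("alice:", audit_timeline(evs, "alice"))
    print("out of hours:", [e["user"] for e in compliance_violations(evs)])
```

The design point is that `parse_events` is the only place that knows the device log format; each dimension consumes the normalized events, so adding a new log source or a new consumer never requires touching the other two.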

The key to security management is to consider the whole; an omission in itself brings insecurity to the system. The three dimensions of SOC construction should therefore complement each other, with none able to replace the functions of the others. Combined, the three cover the entire cycle of a security incident (before, during and after) so as to fully protect the security of the customer's business.

This article is from the "Jack Zhai" blog; please retain this source: http://zhaisj.blog.51cto.com/219066/41887
